If its a straight DOS where it comes from a single IP address then its easy, your ISP / hosting company should be able to get that IP address sinkholed.
Good DDOS protection is very hard to achieve. The ISP I work for has a dedicated software / hardware solution for helping protect customers against DDOS attacks, but its obscenely expensive. Ideally you need to be getting the protection at the earliest place possible. Odds are by the time its reached your server its almost too late. your bandwidth is getting eaten up and traffic will start to get congested heading to your server even if you're doing software stuff to reduce the overhead of answering the syn flood, or whatever is being done. The solution we use is within one or two hops of the entry points to our network, and if its needed for a customer traffic for that IP is routed through it, it blocks some stuff from the get go, but it'll take up to 6 hours to really get to be really effective as it needs to learn the patterns behind the attack before it can do a decent job of filtering it.